Can somebody tell me what is the substance of SQL ijection and cross-scripting
P.S: Lame question, I know